From 9dd716d0140fdfcc54c68cc30199585a6b3cf06a Mon Sep 17 00:00:00 2001
From: Philipp Matthias Schaefer
Date: Thu, 7 Mar 2019 21:57:19 +0100
Subject: [PATCH] Handbuchskizze und GPG-Key-Script
---
Office/Handbuch/handbuch.md | 73 +++++++
Office/Handbuch/scripts/.gitignore | 1 +
Office/Handbuch/scripts/gen-office-key | 281 +++++++++++++++++++++++++
3 files changed, 355 insertions(+)
create mode 100644 Office/Handbuch/handbuch.md
create mode 100644 Office/Handbuch/scripts/.gitignore
create mode 100755 Office/Handbuch/scripts/gen-office-key
diff --git a/Office/Handbuch/handbuch.md b/Office/Handbuch/handbuch.md
new file mode 100644
index 0000000..dc52691
--- /dev/null
+++ b/Office/Handbuch/handbuch.md
@@ -0,0 +1,73 @@
+WIP
+
+# Handbuch für den Vorstand des Hackspace Jena e.V."
+
+Dieses Handbuch ist kein Gesetz. Es dokumentiert eine selbst auferlegte
+Aufgabenverteilung, die immer wieder ständig angepasst werden kann und die
+dokumentiert, wie der aktuelle Vorstand seine Arbeit machen möchte. Natürlich
+kann das Handbuch bei der Aufnahme der Arbeit eines neu gewählten Vorstandes als
+Orientierung dienen, an die er sich mehr oder weniger hält. Ein Ziel, das mit
+der Erstellung und Pflege dieses Dokumentes verfolgt wird, ist auch, bei der
+Übergabe und Einarbeitung Zeit zu sparen und Kommunikationsfehler zu vermeiden.
+
+TODO: https://kraut.space/hswiki:anleitungen:vorstandswechsel einarbeiten
+
+## Gemeinsame Arbeit
+
+- Vorstandssitzungen
+
+## Vorsitzender
+
+### Übergabe
+
+#### Eintretend
+
+- Sicherheitsbeauftragten benennen und unter
+ https://kraut.space/hswiki:verein:verantwortliche#sicherheitsbeauftragter
+ vermerken
+
+### Laufender Betrieb
+
+## Schatzmeister
+
+### Übergabe
+
+### Laufender Betrieb
+
+#### Finanzen
+
+#### Mitgliederverwaltung
+
+- Mitgliederanträge werden chronologisch sortiert in einem Ordner abgeheftet
+- Austrittserklärungen werden bei dem korrespondierenden Mitgliedsantrag
+ abgeheftet
+- Austrittserklärungen werden mit einem Formschreiben bestätigt
+- Eintritt und Austritt werden in Jameica gepflegt
+
+#### Sonstiges
+
+- Bei Bedarf Domains bei OVH verlängern, man bekommt ne E-Mail (Login in keepass file)
+
+## Schriftführer
+
+### Übergabe
+
+#### Scheidend
+
+- Erstellung und Übergabe des Protokolls der Mitgliederversammlung organisieren
+
+#### Eintretend
+
+- Unterlagen zum Notar für Vereinsregistereintragung
+- Im Januar: Neues E-Mail-Zertifikat erstellen und veröffentlichen
+ - Mit scripts/gen-office-key erstellen
+ - Auf Keyserver veröffentilchen
+ - In ORTS einspielen
+ - Links und Download auf Webseite aktualisieren
+
+### Laufender Betrieb
+
+- Außenkommunikation (OTRS)
+ - Junk aussortieren
+ - Rest beantworten oder anderen Vorstandsmitgliedern zuweißen
+- Protokolle der Vorstandssitzungen
diff --git a/Office/Handbuch/scripts/.gitignore b/Office/Handbuch/scripts/.gitignore
new file mode 100644
index 0000000..1053c0d
--- /dev/null
+++ b/Office/Handbuch/scripts/.gitignore
@@ -0,0 +1 @@
+*.asc
diff --git a/Office/Handbuch/scripts/gen-office-key b/Office/Handbuch/scripts/gen-office-key
new file mode 100755
index 0000000..fb1b583
--- /dev/null
+++ b/Office/Handbuch/scripts/gen-office-key
@@ -0,0 +1,281 @@
+#!/bin/bash
+#---help---
+# Usage:
+# gen-ffice-key
+# gen-ffice-key [-h|--help]
+#
+# Generate a GPG key pair for Hackspace Jena e.V.'s office email addresses
+#
+# Options:
+#
+# -h --help Show this message and exit
+#
+# Description:
+#
+# gen-office-key generates a GPG key pair for the three Hackspace Jena e.V.
+# office email addresses
+#
+# office@hackspace-jena.de ,
+# office@krautspace.de , and
+# office@kraut.space
+#
+# under the user id 'Hackspace Jena e.V. Büro ($year)', for the current year
+# ($year). The script generates a 4096-bit RSA key pair for signing,
+# encryption, and authentication. The key expires on January 31st of the
+# following year and the a new key should be generated every Janurary.
+#
+# The scripts exports two files. 'office_key_$year.pub.asc' with the ASCII
+# armored public key, and 'office_key_$year.asc' with both keys in ASCII
+# armored form. If either file exists, the script reports and error and exists
+# without doing anyting.
+#
+# Notes:
+#
+# This script has no arguments or options (except for -h) so that the user
+# does not have to think. You run it in January once every year, upload the
+# key to the appropriate places, and that is it.
+#
+# If circumstances change in the future, rather than add options to this
+# script, adapt it.
+#
+# License:
+#
+# 2019 Philipp Matthias Schäfer
+#
+# To the extent possible under law, the author has dedicated all copyright and
+# related and neighboring rights to this software to the public domain
+# worldwide. This software is distributed without any warranty.
+#
+# You can find a copy of the CC0 Public Domain Dedication at the end of source
+# of this script and under .
+#---help---
+
+# This script exports environment variables and changes the file mode creation
+# mask
+if [[ "${BASH_SOURCE[0]}" != "${0}" ]]; then
+ echo "Error: ${BASH_SOURCE[0]} must not be sourced"
+ return 1
+fi
+
+set -eu
+
+if [ $# -gt 0 ]; then
+ # Print the help message enclosed between the two lines containing
+ # '#---help---'
+ sed -n '/^#---help---/,/^#---help---/p;' "$0" \
+ | sed -E 's/^# ?//;1d;$d;'
+
+ # If -h or --help was passed, the user wanted to see the help message,
+ # otherwise, we showed it due to an erroneous invocation.
+ case "$1" in
+ -h | --help) exit 0;;
+ *) exit 1;;
+ esac
+fi
+
+# Determine the current year
+year=$(date +%Y)
+# The next year
+next_year=$((year+1))
+# And from that the expiration date of new key
+expiration_date="$next_year-01-31"
+
+# Derive the output file names from the current year
+public_key_file="office_key_$year.pub.asc"
+secret_key_file="office_key_$year.asc"
+
+# Ensure that the files do not exist
+die_if_exists() {
+ if [ -f "$1" ]; then
+ echo "Error: File $1 already exists"
+ exit 1
+ fi
+}
+die_if_exists "$public_key_file"
+die_if_exists "$secret_key_file"
+
+# Warn when it is not January
+if [ "01" -ne "$(date +%m)" ]; then
+ echo "Warning: This script should have been run in January."
+fi
+
+# Create temporary directory as our working directory
+work_directory=$(mktemp -d)
+# Ensure that it gets deleted when this script exists (for whatever reason)
+trap "rm -rf '$work_directory'" EXIT HUP INT TERM
+
+# Make GPG use the work directory
+export GNUPGHOME="$work_directory"
+
+# Create key generation configuration with first uid
+# https://www.gnupg.org/documentation/manuals/gnupg/Unattended-GPG-key-generation.html
+cat > "$work_directory/configuration" << EOF
+%no-protection
+Key-Type: RSA
+Key-Length: 4096
+Key-Usage: encrypt,sign,auth
+Name-Real: Hackspace Jena e.V. Büro ($year)
+Name-Email: office@hackspace-jena.de
+Expire-Date: $expiration_date
+%commit
+EOF
+
+echo -n "Generating..."
+
+# Generate key
+gpg --quiet --batch --no-tty --gen-key "$work_directory/configuration" \
+ 2>&1 >/dev/null \
+ | grep -v "marked as ultimately trusted" 1>&2 \
+ || echo -n '' # Because grep exits with 1
+
+# Determine keyid of the new key
+keyid=$(gpg --quiet --no-tty --list-secret-keys --with-colons 2>/dev/null \
+ | awk -F: '/^sec:/ { print $5 }')
+
+# Add two additional uids
+gpg --quick-add-uid "$keyid" \
+ "Hackspace Jena e.V. Büro ($year) "
+gpg --quick-add-uid "$keyid" \
+ "Hackspace Jena e.V. Büro ($year) "
+
+# Export public key
+gpg --batch --yes --no-tty --armor \
+ --output "$public_key_file" --export "$keyid"
+
+# Store old umask
+old_umask=$(umask)
+# Ensure secret key is only readable by the current user
+umask 0077
+# Export secret key
+gpg --batch --yes --no-tty --armor \
+ --output "$secret_key_file" --export-secret-keys "$keyid"
+
+echo -e "\rGenerated key pair:"
+gpg --list-keys | grep -v "$work_directory"
+
+echo "Public Key: $public_key_file"
+echo "Secret Key: $secret_key_file"
+
+#---license---
+# Creative Commons Legal Code
+#
+# CC0 1.0 Universal
+#
+# CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+# LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
+# ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
+# INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
+# REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
+# PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+# THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
+# HEREUNDER.
+#
+# Statement of Purpose
+#
+# The laws of most jurisdictions throughout the world automatically confer
+# exclusive Copyright and Related Rights (defined below) upon the creator
+# and subsequent owner(s) (each and all, an "owner") of an original work of
+# authorship and/or a database (each, a "Work").
+#
+# Certain owners wish to permanently relinquish those rights to a Work for
+# the purpose of contributing to a commons of creative, cultural and
+# scientific works ("Commons") that the public can reliably and without fear
+# of later claims of infringement build upon, modify, incorporate in other
+# works, reuse and redistribute as freely as possible in any form whatsoever
+# and for any purposes, including without limitation commercial purposes.
+# These owners may contribute to the Commons to promote the ideal of a free
+# culture and the further production of creative, cultural and scientific
+# works, or to gain reputation or greater distribution for their Work in
+# part through the use and efforts of others.
+#
+# For these and/or other purposes and motivations, and without any
+# expectation of additional consideration or compensation, the person
+# associating CC0 with a Work (the "Affirmer"), to the extent that he or she
+# is an owner of Copyright and Related Rights in the Work, voluntarily
+# elects to apply CC0 to the Work and publicly distribute the Work under its
+# terms, with knowledge of his or her Copyright and Related Rights in the
+# Work and the meaning and intended legal effect of CC0 on those rights.
+#
+# 1. Copyright and Related Rights. A Work made available under CC0 may be
+# protected by copyright and related or neighboring rights ("Copyright and
+# Related Rights"). Copyright and Related Rights include, but are not
+# limited to, the following:
+#
+# i. the right to reproduce, adapt, distribute, perform, display,
+# communicate, and translate a Work;
+# ii. moral rights retained by the original author(s) and/or performer(s);
+# iii. publicity and privacy rights pertaining to a person's image or
+# likeness depicted in a Work;
+# iv. rights protecting against unfair competition in regards to a Work,
+# subject to the limitations in paragraph 4(a), below;
+# v. rights protecting the extraction, dissemination, use and reuse of data
+# in a Work;
+# vi. database rights (such as those arising under Directive 96/9/EC of the
+# European Parliament and of the Council of 11 March 1996 on the legal
+# protection of databases, and under any national implementation
+# thereof, including any amended or successor version of such
+# directive); and
+# vii. other similar, equivalent or corresponding rights throughout the
+# world based on applicable law or treaty, and any national
+# implementations thereof.
+#
+# 2. Waiver. To the greatest extent permitted by, but not in contravention
+# of, applicable law, Affirmer hereby overtly, fully, permanently,
+# irrevocably and unconditionally waives, abandons, and surrenders all of
+# Affirmer's Copyright and Related Rights and associated claims and causes
+# of action, whether now known or unknown (including existing as well as
+# future claims and causes of action), in the Work (i) in all territories
+# worldwide, (ii) for the maximum duration provided by applicable law or
+# treaty (including future time extensions), (iii) in any current or future
+# medium and for any number of copies, and (iv) for any purpose whatsoever,
+# including without limitation commercial, advertising or promotional
+# purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each
+# member of the public at large and to the detriment of Affirmer's heirs and
+# successors, fully intending that such Waiver shall not be subject to
+# revocation, rescission, cancellation, termination, or any other legal or
+# equitable action to disrupt the quiet enjoyment of the Work by the public
+# as contemplated by Affirmer's express Statement of Purpose.
+#
+# 3. Public License Fallback. Should any part of the Waiver for any reason
+# be judged legally invalid or ineffective under applicable law, then the
+# Waiver shall be preserved to the maximum extent permitted taking into
+# account Affirmer's express Statement of Purpose. In addition, to the
+# extent the Waiver is so judged Affirmer hereby grants to each affected
+# person a royalty-free, non transferable, non sublicensable, non exclusive,
+# irrevocable and unconditional license to exercise Affirmer's Copyright and
+# Related Rights in the Work (i) in all territories worldwide, (ii) for the
+# maximum duration provided by applicable law or treaty (including future
+# time extensions), (iii) in any current or future medium and for any number
+# of copies, and (iv) for any purpose whatsoever, including without
+# limitation commercial, advertising or promotional purposes (the
+# "License"). The License shall be deemed effective as of the date CC0 was
+# applied by Affirmer to the Work. Should any part of the License for any
+# reason be judged legally invalid or ineffective under applicable law, such
+# partial invalidity or ineffectiveness shall not invalidate the remainder
+# of the License, and in such case Affirmer hereby affirms that he or she
+# will not (i) exercise any of his or her remaining Copyright and Related
+# Rights in the Work or (ii) assert any associated claims and causes of
+# action with respect to the Work, in either case contrary to Affirmer's
+# express Statement of Purpose.
+#
+# 4. Limitations and Disclaimers.
+#
+# a. No trademark or patent rights held by Affirmer are waived, abandoned,
+# surrendered, licensed or otherwise affected by this document.
+# b. Affirmer offers the Work as-is and makes no representations or
+# warranties of any kind concerning the Work, express, implied,
+# statutory or otherwise, including without limitation warranties of
+# title, merchantability, fitness for a particular purpose, non
+# infringement, or the absence of latent or other defects, accuracy, or
+# the present or absence of errors, whether or not discoverable, all to
+# the greatest extent permissible under applicable law.
+# c. Affirmer disclaims responsibility for clearing rights of other persons
+# that may apply to the Work or any use thereof, including without
+# limitation any person's Copyright and Related Rights in the Work.
+# Further, Affirmer disclaims responsibility for obtaining any necessary
+# consents, permissions or other rights required for any use of the
+# Work.
+# d. Affirmer understands and acknowledges that Creative Commons is not a
+# party to this document and has no duty or obligation with respect to
+# this CC0 or use of the Work.
+#---license---
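Review bot: The secret key is generated with `%no-protection` and then written by `--export-secret-keys` to `office_key_$year.asc` in the current directory, so the `umask 0077` set just before the export is the only protection the private key has at rest, and neither the help text nor the handbook entry says what should happen to that file afterwards. If the passphrase-less key is deliberate (presumably for unattended use by the ticket system; the patch does not show this), the Description block should say so, for example `# The secret key file is NOT passphrase-protected: store it in the password database and delete the local copy.` The key-generation pipeline also discards gpg's exit status through `|| echo -n ''`, and `set -eu` carries no `pipefail`, so a failed generation only shows up as an empty `$keyid`; a guard after the lookup such as `[ -n "$keyid" ] || { echo "Error: key generation failed" >&2; exit 1; }` would fail with a clear message. `old_umask` is stored but never restored, and the trap removes the temporary `GNUPGHOME` without stopping the agent that GnuPG 2.1+ would have started for it, which `gpgconf --kill gpg-agent` before the `rm -rf` would handle.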